Jamf Nation Community

Is there a way to write a script to do it?

You can enable microphone and camera programmatically by manually editing the TCC.db. You cannot do this for Screen Recording using this method as that is set in the /Library level TCC.db which is SIP protected, but this method works fine for Mic and Camera as they are in the ~/Library level TCC.db.

Examples:

Enable Microphone in Skype For Business for the currently logged in user -

#!/bin/sh

#get username
user=`stat -f "%Su" /dev/console`

sqlite3 /Users/$user/Library/Application Support/com.apple.TCC/TCC.db -cmd "INSERT or REPLACE INTO access VALUES('kTCCServiceMicrophone','com.microsoft.SkypeForBusiness',0,1,1,NULL,NULL,NULL,'UNUSED',NULL,0,1541440109);" ".exit"

Enable Camera in Teams for the currently logged in user -

#!/bin/sh

#get username
user=`stat -f "%Su" /dev/console`

sqlite3 /Users/$user/Library/Application Support/com.apple.TCC/TCC.db -cmd "INSERT or REPLACE INTO access VALUES('kTCCServiceCamera','com.microsoft.teams',0,1,1,NULL,NULL,NULL,'UNUSED',NULL,0,1541440109);" ".exit"

I took @hkabik's example and made one for Zoom

# Acquire currently logged in username
userName=$(/usr/bin/stat -f "%Su" "/dev/console")

# Allow Microphone
/usr/bin/sqlite3 /Users/${userName}/Library/Application Support/com.apple.TCC/TCC.db -cmd "INSERT OR REPLACE INTO access VALUES('kTCCServiceMicrophone','us.zoom.xos',0,1,1,NULL,NULL,NULL,'UNUSED',NULL,0,1234567890);" ".exit"

# Allow Camera
/usr/bin/sqlite3 /Users/${userName}/Library/Application Support/com.apple.TCC/TCC.db -cmd "INSERT OR REPLACE INTO access VALUES('kTCCServiceCamera','us.zoom.xos',0,1,1,NULL,NULL,NULL,'UNUSED',NULL,0,1234567890);" ".exit"

exit

@cainehorr

Caine,

I’m testing your zoom script to enable the camera and microphone and I’m getting this error: “table access has 13 columns but 12 values were supplied”. Have you come across this? I’m running big sur 11.1

@kmitnick Apple probably "fixed" it in Big Sur. This was never intended to be a valid way of enabling these. Apple wants a human in front of the screen to make that choice. And for very good reason!

Perhaps you should re-think not allowing users to access the Security & Privacy preference pane. I want my users to understand that they must give permission for apps to access things on their Mac. I also want them to learn to do this themselves instead of always asking for someone to do it for them. I am 100% in agreement with Apple about this, even if it is a pain in the butt to deal with as an Apple admin.

@patgmac @howie_isaacks totally understand what you guys are saying. I was just trying to test this to see if it still worked in Big Sur. Trying to avoid users from doing it. it was more of a "see if it would work" then a recommendation to use it. thanks guys.

Kind of related but different so ignore this if it's too off the path.

I want to know if there's a way to see if an "allow" is just sitting unchecked in a user's Security settings. There's an issue with Crowdstrike requiring users to allow but we don't trust them to do it and there's no way CS can tell us if they did or not. This means firmware detections will not be reported.

Does anyone have a similar script for enabling Google Chrome for Microphone and Camera?

 Or can someone point me in the right direction...

Appreciated!

I think there could be/is a way to use Sqlite3 and the DB to set these permissions. 

I will continue to look at it in time. But thank you for the reply.